|
|
Hardening PHP: adjust php.ini and/or per-site Apache directives. Note that several of the directives listed below (register_globals, magic_quotes_gpc, safe_mode, safe_mode_exec_dir, track_errors) are PHP 4/5-era and have since been removed; the notes next to each say what to use instead.
|
|
|
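;############ php.ini
; Several directives below date from PHP 4/5: register_globals, magic_quotes_gpc
; and safe_mode were removed in PHP 5.4, track_errors in 8.0. On current PHP
; they are ignored, so they must not be relied on for protection; they are
; kept here only to make the intended (Off) state explicit on older builds.
;
; disable_functions is PHP_INI_SYSTEM: it can only be set here or in httpd.conf
; via php_admin_value, never from .htaccess or ini_set(). phpinfo() discloses
; paths, versions, loaded modules and ini values. Functions that spawn
; processes are the usual other candidates for this comma-separated list,
; e.g. exec,passthru,shell_exec,system,proc_open,popen
disable_functions = phpinfo
; removes the "X-Powered-By: PHP/x.y.z" response header (version disclosure)
expose_php = Off
; production: never render errors to the client (they leak paths, queries and
; stack traces); log them instead, to a file outside the document root
display_errors = Off
log_errors = On
; startup errors are raised before a script can touch display_errors, so
; they have to be switched off separately
display_startup_errors = Off
; default Off since 4.2.0, removed in 5.4; kept so it is explicitly Off on
; any older build
register_globals = Off
; magic_quotes_gpc does NOT prevent SQL injection. It only backslash-escapes
; ' " \ and NUL in all GET/POST/COOKIE input, knows nothing about the
; database's character set or quoting rules, and corrupts input that was
; never meant for a database. Deprecated in 5.3, removed in 5.4. Keep it Off
; and use prepared statements / parameterised queries (PDO, mysqli) in the
; application instead. Code that must run on old builds should still check
; get_magic_quotes_gpc() and stripslashes() its input rather than depend on it.
magic_quotes_gpc = Off
;############# end php.ini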
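############# apache directives
# Place these in the site's <VirtualHost> / <Directory> block in httpd.conf.
# php_admin_value / php_admin_flag cannot be overridden from .htaccess or
# ini_set(), so use them for every security-relevant setting. php_value /
# php_flag can be undone by any .htaccess the site is able to write (when
# AllowOverride permits it), which defeats the hardening.
#
# safe_mode and safe_mode_exec_dir were removed in PHP 5.4. The PHP project
# itself documented safe mode as "architecturally incorrect" for isolating
# sites on a shared server, so it was never a real security boundary. Do not
# rely on it; open_basedir here plus disable_functions in php.ini are the
# replacement. The two lines are kept, disabled, for hosts still on <= 5.3:
# php_admin_value safe_mode 1
# php_admin_value safe_mode_exec_dir /some/executable/dir
#
# open_basedir is a string-prefix match, so the trailing slash matters:
# "/var/www/some/site" would also permit "/var/www/some/site2". Separate
# several allowed directories with ":" (";" on Windows) and include the
# session save path / upload tmp dir if the application needs them.
# It restricts file access by PHP's own file functions only; it is not a
# sandbox against code already executing in the site.
php_admin_value open_basedir /var/www/some/site/
# Log every error, never display one. These are admin values so the site's
# .htaccess cannot turn display_errors back on.
php_admin_flag display_errors Off
php_admin_flag log_errors On
# httpd.conf cannot evaluate PHP constants such as E_ALL, so the level has to
# be numeric. 2047 was E_ALL in PHP 4 only and silently drops every level
# added since. 32767 is E_ALL on PHP >= 5.4 (and 7/8); -1 means "all levels"
# on any version.
php_admin_value error_reporting 32767
# error_log takes a FILE path, not a directory. Keep it outside the
# DocumentRoot: a log under /var/www/some/site/ may be served straight to
# clients and leaks paths, SQL fragments and stack traces. The file must be
# writable by the web-server user and should not be world-readable.
php_admin_value error_log /var/log/php/some-site-error.log
# track_errors (deprecated 7.2, removed 8.0) exposes the last error message
# in $php_errormsg; make sure the application never echoes that variable to
# the client, as it carries the same disclosure risk as display_errors.
php_flag track_errors On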
|
|